IDEAS / On the Brink of a New Age of Computer Insecurities

Of course, the report was an advertising supplement; it was not meant to be a definitive guide. But the section also reflected readers' attitudes; it was devoted to \"frequently asked questions,\" and the safety of computing and of the Internet as a whole was not among them. Leon Trotsky is said to have remarked, \"You may not be interested in war, but war is interested in you.\" As networked computers take control over ever larger parts of government and private business, many specialists and computer security administrators believe that not only widespread fraud but massive social disruption is possible. And they are disturbed that so little is being done. Impersonation is the basis of countless dirty tricks, such as broadcasting inflammatory messages that seem to originate with the victim. But it can happen unintentionally, too. The sender of the Princeton message logged on to the recipient's site from a Netscape browser on one of the university's dozens of public terminals, partly for its fast connection.The browser software had retained the name and e-mail account of a previous user and falsely labeled the new message with the old identity. In the good old days of 1994 you had to be positively absent-minded to risk impersonation. You had to forget to sign off a public terminal session, which is easy enough. (Or else, of course, some malicious and clever person had to be out to get you.) Now it takes no particular distraction to trip over an electronic banana peel. The geometric explosion of communication software, and the merely arithmetic pace of the repair of its security flaws, see to that. Another case in point: A user wanted to download some mail on my campus server to his own computer. How could he have known that without prompting, his mail program would automatically transfer files from his mailbox to the disk, then wipe out all 80 from the server? Or that for some reason, 70 of those files never made it to the disk but were simply lost? Both episodes point to a new Faustian bargain within the computing industry: the rapid evolution of communication and other applications software. Intense competition, especially the rivalry of Netscape and Microsoft for the global market in browser software, feeds a constant stream of new releases into the marketplace. All producers claim to be security conscious, yet there is still no security certification procedure known and widely accepted by the public comparable to the little seals of electric safety affixed to stereo receivers and even desk lamps. And just as airlines resist direct comparisons of safety records, the industry has not wanted to remind users of the risks to privacy and security posed by its products - even in the interest of increased market share. Some have even added features, like miniature programs within word-processing documents, that if uncorrected, can spread potentially dangerous viruses. Until recently, most virus-detecting software did not even examine data files.